24 Hour Fitness won't let you unsubscribe from marketing spam, so I fixed it(ahmedkaddoura.com)

76 pointsby daem5 hours ago8 comments

StilesCrisis21 minutes ago
You didn't need ChatGPT to coauthor this article. Just use your own authentic voice. In 2026 no one likes GPT text anymore.
- iinnPP16 minutes ago
  LLM is accessible technology that allows people to communicate more freely. Having a prejudice against it is not far removed from having one of the unacceptable viewpoints in society.
  - leephillips5 minutes ago
    That’s not what “prejudice” means. It would be prejudice if the commenter objected to LLMs despite the quality of their output. However, the objection is based on the results. Also, the comment is correct.
bob10293 hours ago
> If you know someone on the 24 Hour Fitness engineering team, please share this with them. It's a one-line fix.
One man's bug is another man's feature.
- yellow_lead5 minutes ago
  "The marketing team says fixing this bug will negatively impact their numbers, closing."
illusive408031 minutes ago
Walmart has a toggle explicitly for product review emails. I have toggled it off. I still get weekly review emails. I now make it my mission to give 1 star to every product they email me about with a note that their unsubscribe is broken.
Once, their CSR “escalated” my issue, but I never heard back. If you work in Walmart engineering, please fix the review unsubscribe.
- 28 minutes ago
  undefined
rationalistan hour ago
If anyone from Shop.app is here, your unsubscribe does not work either (maybe due to VPN usage).
But that's okay, Fastmail now automatically routes it to the spam folder where it belongs.
additionally:
Interesting, I set my email as a backup authentication for a luddite friend's Comcast email account, and I just discovered spam from Xfinity in my spam folder. Shame on you Xfinity Comcast.
The problem:
My understanding is the CAN-SPAM Act violations can only be prosecuted by states Attorney Generals, there is no civil action available.
mattlondon4 hours ago
Sounds like they have not got CORS set up on their servers either? Surely it should not allow mutating requests from random origins not on an allowlist?
- bigDinosaur3 hours ago
  CORS has nothing to do with (dis)allowing 'mutating requests from random origins' on the server unless I'm misunderstanding what you mean. The origin is a browser concept.
  - onion2k2 hours ago
    Not sure why you're being downvoted. CORS is only a browser concept. If you fire off requests from something that isn't a browser (e.g. curl or a python script or whatever) CORS won't do anything. Servers need to validate the origin of requests properly if that's a problem.
RickJWagner27 minutes ago
That’s the best public service I’ve seen in a long time.
troupo3 hours ago
> OneTrust is literally a consent management platform focused on regulatory compliance, and 24 Hour Fitness is using it to violate consent regulations.
I mean, OneTrust's entire raison d'etre is to violate consent regulations with flimsy deniability.
imiric4 hours ago
How can you know that it "works"? Any company scummy enough to send spam to begin with, is capable of selling their customer data to a network of scummy companies that will do the same thing. I think most of the "unsubscribe" links are there to fulfill some legal obligation. They don't do what they're supposed to do, and might in fact be making things worse for the person who clicks them.
The only solution I've found to work, beyond the usual spam filtering, is to setup email on your own domain, and give every company a unique address. The moment you want to stop receiving email from them, you simply block their address. This deals both with the original company, and with anyone they've sold your contact information to.
- left-struckan hour ago
  Nah, unsubscribe links absolutely work. I’m religious about unsubscribing the first time I get any email notification I don’t want from anyone. The result is I basically get no unwanted emails unless I sign of for something new. Compared to basically every other email inbox I’ve ever seen where people don’t unsubscribe… yeah it’s super clear that it works.
  I also use email aliases for every single account I have so if my email somehow leaks and I’m getting spam, i know exactly what account leaked it. That’s basically never happened though.
  The only problem I have with unsubscribe links is that sometimes the website is straight up broken, like the link is dead or the page unresponsive, and I wonder about how far down fixing that issue is on the engineering team’s todo.
- daem3 hours ago
  My solution to spam emails is this: https://ahmedkaddoura.com/writing/hide-my-email
  I create a unique iCloud Hide My Email anytime I need to give out an email. The issue here was I signed up for my 24 Hour Fitness membership in person at the gym where the cell service was bad and I couldn't get the WiFI to work, so I begrudgingly gave the guy my real email.
  While I could have easily blocked their domain, I took it as a challenge to get the emails to stop.
  - rationalistan hour ago
    I use Fastmail which allows me to have a catch-all with my own domain name. I don't need to set anything up to give out a unique email address I make up on the spot. I highly recommend this method.
    soulofmischiefan hour ago
    The flipside of this is that it's extremely easy to spam you by just iterating new email addresses.
    fer7 minutes ago
    I do it and never had an issue. I get odd emails every now and then with an unused address, for services/people I never contacted though. But I'm talking about perhaps 2-3 per year.
  - iamacyborg3 hours ago
    Don’t they have a list unsubscribe header in the emails themselves? That’s effectively a requirement for senders of their size since Feb 2024.
    daem3 hours ago
    I see this in the headers. But there was no option in the MacOS Mail client to unsubscribe. Only the Unsubscribe link in the body of the email.
    Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=member.24hourfitness.com; s=twentyfourhour; t=1762443065; bh=KDZeTqKlOBd6YUTrR6K4RMz9MA2BueBl6/LnKG57yqY=; h=From:Date:Subject:To:MIME-Version:Message-ID:List-Unsubscribe: Content-Type; b=Bq6qnq65i1EN6Df9A5TpcCn3AnNzE8yjkNdDYkapehQV727Jrma15ZU4e88I8Ckdk iH5CZrtJPlNqPscm3JWbuP4IavLVKDNf3Prlm4q75tTXE0IyaTPexyOoGTu+4PoAeG wEa8WaN6zfLl5AkPO0U+zjFHicSx3ooyNomFTI2AtSVoVHVPcubtZV8wRPUy4EV9mV pRBroHp1Uj/LCFRyZRScbs5plfxEpmd3wO9vnMsXW6jqOi19kqfOkhTUKpaRVxxJA+ /cMIq+Wh4TSpt6+22gcm4hLsCVNW0mAImjTZZ/yPFwoGpLaoPOia8aYde1mlROOoZi yx81OFO+90kRQ==
    throw0101can hour ago
    > But there was no option in the MacOS Mail client to unsubscribe.
    The functionality for mail clients to offer an "unsubscribe" button is dependent on there being a "List-Unsubscribe" header in the e-mail with a URL:
    * https://datatracker.ietf.org/doc/html/rfc8058
    * https://datatracker.ietf.org/doc/html/rfc2369#section-3.2
    If the sender does not put one in then that's hardly the mail client's fault.
    iamacyborg3 hours ago
    MacOS should have list unsub support from what I can see: https://support.apple.com/en-gb/guide/mail/mlhld3405766/mac
    throw0101can hour ago
    Dependent on the e-mail sender putting a header with a URL in the message:
    * https://datatracker.ietf.org/doc/html/rfc8058
- nojsan hour ago
  it’s generally a poor marketing strategy to ignore explicit requests for list removal, because users manually flag the emails as spam which is catastrophic to your domain rep and will tank deliverability. the incentives are heavily in favour of removing people who unsubscribe
  - chuckadamsan hour ago
    The List-Unsubscribe header was pioneered by Dave Rolsky, one of the more notorious spammers of the early 2000's. His reasoning was that most people were just going to hit delete, but anyone who went out of their way to unsubscribe was a squeaky wheel that would cause more problems for him if they got angry about their request being ignored. So he really did honor unsubscribe requests ... at least until adding them to the next spam campaign on a different list.
- daem4 hours ago
  from 2025-10-26 to 2026-01-29 (the day I wrote this article), no_reply@24hourfitness.com sent me 40 spam emails.
  In the 33 days since I wrote this article, no_reply@24hourfitness.com sent me zero.
  - fer3 hours ago
    Assuming their mails follow a Poisson distribution, the 95% confidence interval for their new spam rate is 0-0.091 emails per day.
- iamacyborg3 hours ago
  > How can you know that it "works"? Any company scummy enough to send spam to begin with, is capable of selling their customer data to a network of scummy companies that will do the same thing.
  That’s quite a stretch for a company sending marketing email with a broken unsub mechanism.
  - chuckadamsan hour ago
    Considering how these companies are infamous for making it difficult to unsubscribe from their service in real life, I don't think it's too much of a stretch to attribute malice to how they conduct email communications.